openSUSE-SU-2024:0147-1

Опубликовано: 29 мая 2024

Источник: suse-cvrf

Описание

Security update for libredwg

This update for libredwg fixes the following issues:

Update to tag 0.12.5.6924:

CVE-2023-26157: Fixed out-of-bound read involving section->num_pages in decode_r2007.c (boo#1218473)

Список пакетов

SUSE Package Hub 15 SP5

libredwg-devel-0.12.5.6924-bp155.3.6.1

libredwg-tools-0.12.5.6924-bp155.3.6.1

libredwg0-0.12.5.6924-bp155.3.6.1

openSUSE Leap 15.5

libredwg-devel-0.12.5.6924-bp155.3.6.1

libredwg-tools-0.12.5.6924-bp155.3.6.1

libredwg0-0.12.5.6924-bp155.3.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WJZKASYCXFRWLMBF4XUIYV5ZN2WMSZYO/
E-Mail link for openSUSE-SU-2024:0147-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218473
SUSE Bug 1218473
https://www.suse.com/security/cve/CVE-2023-26157/
SUSE CVE CVE-2023-26157 page

Описание

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

Затронутые продукты

SUSE Package Hub 15 SP5:libredwg-devel-0.12.5.6924-bp155.3.6.1

SUSE Package Hub 15 SP5:libredwg-tools-0.12.5.6924-bp155.3.6.1

SUSE Package Hub 15 SP5:libredwg0-0.12.5.6924-bp155.3.6.1

openSUSE Leap 15.5:libredwg-devel-0.12.5.6924-bp155.3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-26157.html
CVE-2023-26157
https://bugzilla.suse.com/1218473
SUSE Bug 1218473

openSUSE-SU-2024:0147-1

Описание

Список пакетов

SUSE Package Hub 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-26157

Описание

Затронутые продукты

Ссылки